Mr Zuckerberg repeated that Facebook had already changed its rules so no such breach could happen again.

“We’re also investigating every single app that had access to large amounts of data before we fixed this. We expect there are others,” he stated.

“And when we find them, we will ban them and tell everyone affected.”

The ads contained no mention of the political consultancy accused of using the leaked data, Cambridge Analytica, which worked on US President Donald Trump’s 2016 campaign.

The British firm has denied wrongdoing.

What is the row about?

In 2014, Facebook invited users to find out their personality type via a quiz developed by Cambridge University researcher, Dr Alexsandr Kogan called This is Your Digital Life.

About 270,000 users’ data was collected, but the app also collected some public data from users’ friends without their knowledge.

Facebook has since changed the amount of data developers can gather in this way, but a whistleblower, Christopher Wylie, says the data of about 50 million people was harvested for Cambridge Analytica before the rules on user consent were tightened up.

Mr Wylie claims the data was sold to Cambridge Analytica which then used it to psychologically profile people and deliver pro-Trump material to them during the 2016 US presidential election campaign.

Facebook has said Dr Kogan passed this information on to Cambridge Analytica without its knowledge. And Cambridge Analytica has blamed Dr Kogan for any potential breach of data rules.

But Dr Kogan has said he was told by Cambridge Analytica everything they had done was legal, and that he was being made a “scapegoat” by the firm and Facebook.

Did Facebook get a warning seven years ago?

As first reported in the Sunday Telegraph, Ireland’s Data Protection Commissioner (DPC) warned Facebook’s security policies were too weak to stop abuse in 2011, some three years before the breach took place.

Following an audit, the DPC said relying on developers to follow information rules in some cases was not good enough “to ensure security of user data”.

It also said Facebook processes to stop abuse were not strong enough to “assure users of the security of their data once they have third party apps enabled”.

Facebook said it strengthened its protections following the recommendations and was told it had addressed the DPC’s original concerns after a second audit in 2012. The tech firm also said it changed its platform entirely in 2014 with the regulator’s recommendations in mind.